We wanted to do this for a long time and finally managed to. VersionPress is now free & OSS on GitHub.
It is my great pleasure to announce that VersionPress goes fully Open Source today. While the software itself has been GPL’d since the first releases, we’ve been developing it privately and Early Access was a paid-for program. All of that goes away today. VersionPress’ new home is now on GitHub are we’re not just making it freely available there, VersionPress will truly be developed out in the open and run as an open source project, hopefully with the help of a broader WordPress community over time. We encourage you to star / watch the repo and join us in the mission to turn WordPress into a fully versioned platform.
Oh, and “by the way”, we’re also releasing VersionPress 3.0-beta today.
This is a big moment in the project’s history so let me share a bit of a background story.
The early days
VersionPress started as an internal research project between me and Jan a couple of years back. We were solving our own workflow issue where we couldn’t easily synchronize WordPress sites between environments because database merging was virtually impossible. We decided to use Git (not SVN) as an internal engine of what we started calling VersionPress, and the results were pretty amazing. This tool
A complete guide to help plugin developers rank higher in the new WordPress.org plugin repository.
Yesterday the new plugins directory was officially released replacing the old, “legacy” one. Many community members (including me) feel that most of the issues that were addressed during the feedback phase were unfortunately ignored, but one thing that was significantly improved for sure is the search. It is still lacking way behind the search capabilities of designated search services like Addendio, but it’s much better than its predecessor.
The much-anticipated update to the plugins’ search is a HUGE thing. Not only does it obviously affect the WordPress.org repository search, it also changes the search in the WordPress Admin dashboard on ALL of the millions of WordPress sites out there (27% of the web).
Many developers in the WordPress community aren’t aware of the power of SEO in WordPress.org directory, but if you think about it, most of the traffic to your plugin’s or theme’s listing is coming from search. Here are the top 3 channels:
WordPress.org – people see the repository as a trusted collection of plugins & themes, many “plugin hunting expeditions” are starting right there. If you take a look at the screenshot
Pippin has reviewed every popular plugin in an excellent manner. It's an honest and unbiased post and very interesting to read a developer's point of view for page builders.
Before starting this, I need to be completely honest: I really dislike page builders. In the last few years, page builder plugins (and those built into themes) have quite possibly caused more headaches for me and my support team than any other single category of plugins available for WordPress. This overall experience, and one too many support tickets related to a builder in a week, culminated in the following Twitter rant: Not only do they typically have incredibly subpar user experiences, they are easily the biggest compatibility problem for other plugins
— Pippinsplugins (@pippinsplugins) September 14, 2016
The sheer number of tickets that would NOT land in my system every week if they weren’t a thing is crazy.
— Pippinsplugins (@pippinsplugins) September 14, 2016
They break other plugins every day through their incredibly non-standard methods of content “building"
— Pippinsplugins (@pippinsplugins) September 14, 2016
I’m all for a good page builder, but if that means screwing over compatibility with other plugins’ ability to use standard WP features, stop
— Pippinsplugins (@pippinsplugins) September 14, 2016
These tweets garnered
Both sides have valid points, but honestly, the wp.org team handled this badly. Hope the guideline gets published properly.
Let me preface this post by mentioning that this was difficult to write, I’m still frustrated but I’ve accepted the immediate outcome 1. That said… Last week I received an email from the WordPress.org plugin review team that Sprout Invoices “has been found to be in violation of the repository guidelines, found at https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/“.
Turns out this was the issue:
What did .org do?
Since I was accused of compensating reviews through “bribery”: Sprout Invoices was immediately pulled out of the repo until that link (and the page at the other end of “send us the link”) were removed.
Also all 5-star reviews were deleted; all of them…
“The reviews that have been associated with this method have been removed from the system in order to restore equilibrium to the reviews.”
Was I compensating reviewers?
Obviously yes; through a discount of a pro license, I figured it was alright to compensate their time.
Was it “Bribery” or did I “Pay Reviewers”? Why does that distinction matter?
In no way was this “bribery”!
WP Rollback lets you rollback any theme or plugin to any version published on the Repo. There's no settings, it's built to be a seamless WordPress update experience. Great for those times when an update just doesn't go the way you wanted it to.
Quickly and easily rollback any theme or plugin from WordPress.org to any previous (or newer) version without any of the manual fuss. Works just like the plugin updater, except you're rolling back (or forward) to a specific version. No need for manually downloading and FTPing the files or learning Subversion. This plugin takes care of the trouble for you. Rollback WordPress.org Plugins and Themes
While it's considered best practice to always keep your WordPress plugins and themes updated, we understand there are times you may need to quickly revert to a previous version. This plugin makes that process as easy as a few mouse clicks. Simply select the version of the plugin or theme that you'd like to rollback to, confirm, and in a few moments you'll be using the version requested. No more fumbling to find the version, downloading, unzipping, FTPing, learning Subversion or hair pulling.
Muy Importante (Very Important): Always Test and Backup
Important Disclaimer: This plugin is not intended to be used without first taking the proper precautions to ensure zero data loss or site downtime. Always be sure you have first tested the rollback on a staging or development site prior to using WP
I'm biased, but Sarah's review of Give is really well-rounded and covers a lot of the high points of why we built Give and why it's a good solution to a missing piece in WordPress plugins.
The new Give WordPress plugin launched this week on WordPress.org. As far as donation plugins go, this one is making a big splash with its 0% commission charge approach. Any site using the plugin can collect 100% of the donations given, as opposed to online donation sites that generally keep a portion of funds raised. Give aims to “Democratize Generosity,” a nod to the mission of WordPress. The plugin was created to empower causes and non-profits with the ability to host their own donation forms, easily manage reporting and customize emails directly within the WordPress admin.
Give supports the creation of flexible forms, so that you can accept payments of different amounts or allow users to set a custom amount. Developers can also easily add custom form fields.
The plugin is built by the folks behind WordImpress. Co-founder Matt Cromwell said that they naturally fell into the donations niche after many frustrating experiences supporting non-profits without donation-specific tools.
“Devin and I both worked with non-profits before WordImpress and struggled with donations every time,” Cromwell said. “One client we still serve manages donations with a mess of WooCommerce/Donation Extensions/Subscription
Pamela writes about an alarming way that a plugin injects its own affiliate links without informing or asking for consent from the user.
Let’s face it. Plugins make our lives easier. Especially on WordPress. Without them, we’d be left having to learn to code for every desired feature, or we’d have pay big bucks to have it done. So it makes sense that we installplugins to handle just about anything from Analytics to zebra striped backgrounds. When it comes to social sharing, there are scores of WordPress plugins, and at the top of the list for many is Shareaholic. This app does more than just provide sharing tools. It will also display related content, which is a great way to keep visitors within your site.
What the powers-that-be behind the tool don’t tell you up front is that affiliate linking for your blog is turned on by default. This feature is, according to Shareaholic, is a way for publishers to be compensated for traffic driven to other sites. They do this by “leveraging partnerships with merchants”, which really means Shareaholic has its own “publisher” affiliate accounts with various merchants.
Why is this a bad thing?
Because the plugin actually hijacks links in blog posts. Whenever the plugin recognizes a link to one of the merchants they work with, the link is re-written. But it’s not so evident that it’s
My mea-culpa article about how my big Seamless Donations plugin update blew up when it encountered the WordPress repository. Cautionary tale. Sigh.
"How's your week been?" "Nothing too unusual. Went on TV yesterday to help users understand the LastPass breach. Been working on PowerPoints for a briefing. Oh, and I accidentally crashed somewhere between 10,000 and 70,000 nonprofit Web sites."
So yeah. That happened.
This weekend, after working for three months on an open-source plugin I adopted back in March, I released a major update. Despite all my best efforts (and, in fact, because of some best practices), the release had a naming conflict and caused a whole lot of Web site crashes.
Three months ago, I learned that a very well-respected GPL open-source WordPress plugin, Seamless Donations, was about to lose developer support. Its original developer had a full-time job that needed his full-time attention.
As it happens, I was also looking around for a programming-related side project (after spending 18-months writing academic papers, I wanted to freshen my coding skills), and since I have already done a lot of work in WordPress and support nonprofit work, I thought this would be a good fit for my next side project.
On March 16, I took over the coding work for Seamless Donations. Because the plugin had something like 56,000 installs
Want a little demo of our plugin generator? Camden breaks it down!
We make a lot of plugins at WebDevStudios. Whether adding functionality to client projects, creating open source plugins to give back, or developing premium products, we are always spinning up new plugins. To speed up this process, we created generator-plugin-wp, a Yeoman generator which streamlines all parts of the plugin development process. I’ve talked about it previously in my posts Get a Plugin Kickstart with Yeoman & generator-plugin-wp and Recent Changes to generator-plugin-wp. In this post, I’m going to walk through the actual process of creating a plugin with this tool.
Before you get started, you will want to install Node, and then use NPM to install the generator and a few other CLI tools that are necessary for its full use.
npm install -g yo grunt-cli generator-plugin-wp
Now, from the plugin directory in your terminal, run:
From here you can enter the title of your new plugin. I’m going to make a plugin for tracking and publicly listing my many missions in Kerbal Space Program:
This provides the basic setup for my plugin, and now my plugin directory now looks like this:
This is where things start to get cool. Without any changes, we have a unit tested plugin,
WPSiteCare puts together a seriously robust list of really awesome WordPress plugins. This is one of the best round-ups I've seen for this type of post. Ever.
I know what you’re thinking. You’ve already seen 15 best WordPress plugins posts this month and you can’t possibly read another one. Trust me, I feel your pain. It seems like every popular website has some arbitrary list of the best WordPress plugins of 2015, 2014, and 2013, on their blog. The thing is, most of them are totally full of crap. I’m going to say it right now: I hate most WordPress plugins. They’re terrible. They’re poorly coded, hard to use, full of bugs and security holes, and they’ll slow down your website. Anyone who tells you otherwise is either misinformed, being disingenuous, or has an ulterior motive (like affiliate revenue).
This Ain’t Your Average Best WordPress Plugins Post
This isn’t just some half-baked list of untested plugins that seem super cool and might make me a bunch of affiliate money. No, this is something much better than that. This is a list of the best WordPress plugins ever created since the dawn of time. Alright, maybe that’s a bit of a stretch, but seriously, I’ve spent a TON of time choosing, reviewing, and testing every single plugin on this list.
These are WordPress plugins that solve real problems and do so in a way that won’t damage your
A performance benchmarking of popular caching plugins on the WordPress market.
Share this: 6
Editors note: Back in December we wrote about caching plugins, diving into the what and why. At the time we also noted our intention to do some performance benchmarking of popular caching plugins as a follow up, to identify the best based on real performance data. Philip Blomsterberg, manager of Levante Sökmotoroptimering, read our post and reached out offering to undertake this performance benchmarking as it was something he too had been considering. His plan of attack sounded really good so we happily accepted. What follows are the results of Philips benchmarking project.
While developing my own site, we naturally wanted to achieve the lowest loading time possible, and pretty much made it a sport gaining just a few tenths of seconds in loading time. We knew how important caching was, but discovered that there were many ways to deceive yourself just by looking at thg speed metrics. During the tests, we, of course, looked at all the different caching plugins out there, and after reading Charles’ post I decided to make a more thorough test of their performance.
Quick comments about Caching
Speed is becoming increasingly important in Search Engine Optimization,
WP Notification Manager is a small WordPress plugin that catches all of these notifications you would normally see on every admin page and puts them into your Notification Center.
One of the things I see a lot when I log into someone’s WordPress website are notifications. I’ve logged into websites where I had to scroll down because notifications pushed the actual page content below the page-fold. I understand notifications are important and why we add them but does that mean they have to be in your face on every single page? I don’t think they should and that’s why I created WP Notification Manager. WP Notification Manager
WP Notification Manager is a small WordPress plugin that catches all of these notifications you would normally see on every admin page and puts them into your . The Notification Center and your notifications are accessible via your WordPress toolbar (the black bar on top of each WordPress website) but won’t be displayed by default. There is a small number shown in your toolbar to let you know how many notifications are in your notification center.
So what would by default looks like this:
Will now look like this:
The plugin catches all properly added WordPress notifications so you can install without having to adjust anything to your current website.
This first version is very basic but I wanted to check first if there are actually people who
I gave some background on Twitter's new official plugin, including some screenshots of it in action.
Twitter has finally announced an official WordPress plugin. It’s pretty thorough, and on a quick test run, works as advertised. Here’s a rundown of some of the features and background. “About time” is probably what comes to mind. Twitter has announced an official WordPress plugin to support their platform. It’s available now on the WordPress plugin repo.
They just released the plugin a couple of hours ago. It’s actually taking the place of an existing plugin, which was wiped from the plugin repo two weeks ago by Otto Wood. That’s what will account for the 150,000+ downloads upon initial release. Otto has now reset the count in the database, so the numbers are more realistic.
I reached out to Otto to see how these decisions are made. Otto is one of the managers of the repo.
A twitter representative emailed us, sent us the plugin, and asked to have the “twitter” name in the directory. We reviewed the plugin as per normal, found no issues with it, and decided to give them the name because, after all, they are indeed “Twitter” and have the rights to their own name.
The previous plugin occupying that space had been inactive for a long period of time and had no real existing installations
This is huge. First ever ERP, right inside WordPress. It's an OpenSource Project, sits in GitHub, also available in .org plugin directory. This is a beta version with support for HRM, CRM, Project Management & Accounting. This project is under heavy development.
When I started weDevs 3 years ago this day, I never thought I would build a company, hire people, have an office and will do so many things together. I started managing a company, doing HR, Accounting and all those things that I never had any experience before. What can you expect from a fresh university student? Not much, eh? I never had to do any managing before, didn’t had to do any accounting either, not even the guy I hired to manage those few employees had the experience beforehand. It was all a new experience for every one of us, creating WordPress products what we only could do and we do it better than more than a lot of people.
There isn’t a plugin for that!
Then we realized, WordPress doesn’t have any HR, Accounting plugin either and we could totally be able to manage the new company within a WordPress system. As developers, we see WordPress from a different perspective, we don’t see WordPress as a CMS, but we believe its a platform for building web of things. So we took the challenge to build a complete system that would help any small, medium, even a large company to manage its Employees, Accounting, CRM and all those needed nuts and bolts. If you could manage your office
In this article, I discuss what the new WordPress REST API is, why it's important, and how to get involved. It's a pretty thorough introduction that hopefully answers some of your questions about the new API.
The WordPress REST API is a huge initiative and feature plugin being developed for the core WordPress project. But it can be a bit confusing if you don’t know much about it yet. Let’s discuss what this project is, why it’s important, and how to get involved. The WordPress REST API project is the most exciting project for the platform since custom post types were introduced in WordPress 2.9 and 3.0. I really believe that.
While the project is under a major rewrite and not yet slated for a specific core release, it can be really confusing to figure out what’s going on.
Let’s talk about what the new API is, why it matters, and go over the state of the API to answer some common questions I’ve seen.
What is a JSON REST API?
Let’s start by defining the acronyms. It may seem tedious for experienced developers, but it’s a good way to get us in the right mindset.
API: Application Program Interface
APIs have a broad definition. Any program is an API. When you have some form of construct in a programming language — like PHP for example — where the construct makes it possible to perform a programming task, that’s a good way to think of an API.
Let’s use custom post types as an example. WordPress
This has been in the works for quite a while, check out WordPress SEO 2.0
We’re proud to announce the availability of WordPress SEO 2.0. This release adds new features for Google’s Knowledge Graph and improves the design, layout & usability of the WordPress SEO plugins admin screens in many ways. Google Knowledge Graph
Google recently introduced new features for their knowledge graph, allowing you to highlight yourself in the search results as either a company or a person. This includes you or your company’s name, if your site is for a company, the logo:
And it includes your social profiles (this is the list of social networks Google supports in their social markup):
If Google has picked this all up and shows a Knowledge Graph block for you or your company (note that we can’t force it to do that), it would look like this:
Simplified the admin menus
We’ve decided to move several admin pages under one “Advanced” page, and several tools to a new “Tools” page. This makes our entire admin structure a lot cleaner (note the screenshots are for WordPress SEO premium), compare the old (left) versus the new (right):
While this might seem mostly a superficial change, it’s very important in how we think you should perceive our plugin. The most important thing you can
This is very interesting new free plugin. It lets you create a sandbox, which is actually a multisite installation, so you could test functionality of a newly updated plugin. This is a nice post, and talks about plugin author's dream to have this feature into WP Core.
photo credit: hiljainenmies – cc “If it ain’t broke, don’t fix it.” This is a common mindset among WordPress users who don’t regularly update their themes and plugins. The fear of an update breaking something is often stronger than the desire to gain enhancements and security fixes. Why improve something that already works perfectly well?
Antti Kuosmanen, founder of Seravo.com, a WordPress hosting company based in Finland, has been performing tested auto-updates for the past three years for thousands of sites. Using the experience he gained as a dedicated hosting provider, Kuosmanen created the WP Safe Updates plugin with the desire to remove the barrier of fear that often prevents users from updating their sites.
WP Safe Updates allows users to test plugin updates in a sandbox before applying them on a live site. After installing the plugin, you’ll see a new “test update” link with available updates on the plugins page.
Clicking this link creates a sandbox where you can test the plugin update without making any actual changes to the live website. The plugin immediately updates in the sandbox and you’ll see a notice at the
Well it marks an end of an era so to speak.
A long time ago – when making our first premium WordPress theme, Darren and I made TimThumb. TimThumb has been amazing – but it’s also not been without it’s share of problems. In particular in 2010 there was a major security exploit found and it hurt a lot of websites, my own included. There are still people who are suffering because of it. I’ve felt incredibly guilty about this for years now, and so my enthusiasm for TimThumb has dropped to nothing.
Because of this lack of enthusiasm, and a fear of doing something else wrong, I have barely touched the code in years. In fact a couple of months ago I wrote about why I don’t use TimThumb (and what I do instead). If you’re a WordPress developer and still using TimThumb then you are ‘doing it wrong’. As such I am dropping all future support and maintenance for TimThumb.
To be honest this has been the situation for a while now, I’ve just not announced it before. If you want to use TimThumb then you do so at your own risk.
It feels a little sad to be writing this – but it’s also a huge weight off my mind. Now I can go back to making WordPress themes and video games in peace :).
MIka explains policies regarding forks and copies in the WordPress repo.
This has come up recently. What happens when someone submits a plugin that’s a copy of another? The tl;dr here is this: Please email us at email@example.com if you find someone has slipped an uncredited fork or identical copy of another plugin into the repository.
In general, we spot these before they ever get published. We rejected 10s of plugins a month for being identical copies. That said, we also approve double that for being legitimate forks.
While the GPL and it’s compatible licenses allow for forking, we have an ‘above and beyond’ rule for hosting here, that means your plugin must be a substantial change of the original. We do not allow direct copies of other plugins to be re-listed under somebody else’s name, we allow changed forks.
What does that mean? It’s very simple. You have to add new features, remove features, modernize, fix, clean up, or otherwise make a change to the plugin that differentiates it from the original. In rare cases, a simple clean-up will be accepted, but normally we try to get a hold of the original authors and have the fixes folded in to the original plugin. If you have a fork, we require you to retain all credit and/or copyright information.
Very detailed and thorough overview of how to understand plugin vulnerabilites. This is particularly relevant in light of the recent forced updates from the WordPress Core team of the WordPress SEO (Yoast) plugin.
The last 7 days have been very busy with a number of vulnerabilities being disclosed on multiple WordPress plugins. Some of them are minor issues, some are more relevant, while others are what we’d categorize as noise. How are you supposed to make sense of all this? To help provide some clarity on the influx of data, we want to provide some insights to help you, the website owner, navigate and understand these vulnerabilities. We will provide a summary and an explanation of the ones that matter and the ones that do not.
The Impact of Roles (Authentication) in Vulnerabiltiies
Contrary to popular belief, just because you hear “SQL Injection”, it doesn’t mean someone can actually hack your site. The real problem comes in remote and unauthenticated attacks. These can lead to mass compromises; compromised can be mean leveraged to distribute malware, spam and can lead to brand reputation issues like getting blacklisted by Google.
When an attack requires an authenticated user, the severity drops. However, it is not that uncommon for sites to allow subscribers to register. So, any vulnerability that requires a subscriber user can also lead to serious issues.
Once a vulnerability requires a
Konstantin Obenland, Samuel “Otto” and Meta team is working on bringing V3 for WordPress.org plugin directory. They are looking for MVP by March 1 and working for the final release date of June 26. Stay tuned, and check all the improvement coming. Its big change, as instead of using bbPress, now all will be based in WordPress.
A year after relaunching the Theme Directory on WordPress, the Plugin Directory will finally get the same make over. With the entire process being open source from the start, please feel free to follow along and contribute on Meta Trac and in the #meta Slack channel. For more in-depth information, please consult the project overview page.
We at ManageWP like to do things our way, even when it comes mundane things like pricing. Here's an epic post about the upcoming ManageWP Orion pricing model. It's got everything an article of this length should have: excitement, drama, suspense, comic relief and John Travolta.
This is it, ladies and gents, the long overdue article you’ve all been highly anticipating. Get your popcorns, calculators and pitchforks ready, we’re talking about the new ManageWP Orion pricing model. Problems With The Current Model
We’re one of the rare WordPress services where you don’t need to commit to a whole year of service. You’re able to scale your subscription on the fly, both up and down, and get a pro rated refund. We made sure you are able to vote with your wallet and cancel your subscription if you ever feel you’re not getting what you pay for.
Personally, I think it’s great. But just because it’s great, doesn’t mean it can’t be better. There are three main problems with the current pricing model that we wanted to address:
Paying for a set of tools, when you only need some of them
Different websites have different needs, but you can have only one plan for all
No love for the little websites that need just the basics
When we started working on Orion, the objective was simple: tear everything down, rebuild ManageWP from scratch to make it rock solid. So when pricing came up, we threw out the WordPress norms and took the risk of building a pricing model that you need, instead
Gutenberg will be a game changer for WordPress. These are just my initial thoughts on it's beta development to date. There's LOTS of potential here.
Gutenberg is the future of content in WordPress. It will deliver the elegance of Medium but with far more power and flexibility of layouts and content types At WordCamp US 2016, Matt Mullenweg announced that new point releases of WordPress would have specific foci around features of WordPress. In the same breath he also announced that he wanted WordPress to have a renewed focus on the post writing experience. He acknowledged how content editing has changed and evolved a lot over the years while the WordPress editor has changed relatively little. I listened to that whole announcement with baited breath because I’ve been longing for a totally revamped way to write content for a long time.
First I took a stab at showing highly styled content directly in the editor
I emphasized how the except can (and should) be used as content in posts
Then I collaborated with Kevin Hoffman on displayed theme-based dynamic styles directly in TinyMCE
All these things were for me tiny efforts to make the backend editing experience more closely emulate the front-end results.
So when the first announcement came out about Gutenberg being about “little blocks” I was excited. This sounded like
I haven't fully read this to determine my thoughts, but this is a rare opinion article from Polly.
photo credit: Green Chameleon Last week, Dan Cameron, creator of Sprout Invoices, received an email from the WordPress.org plugin review team stating that his plugin was in violation of the repository guidelines. Sprout Invoices was promptly removed from the directory and all of its 5-star reviews were also removed.
Cameron had been discounting the professional license of his plugin for customers who gave a review on WordPress.org. In a post expressing his frustration with the way the situation was handled, Cameron said he “figured it was alright to compensate their time” and that customers were free to leave a good or bad review.
The official plugin directory guidelines do not explicitly prohibit compensated reviews, which is why Cameron said he was unaware this was an issue. During his conversation with the plugin review team, he was referred to an article posted on the make/plugins blog regarding the issue:
“If it’s not clear enough, we’re serious,” the email stated. “We even posted on make/plugins.”
At the end of May, WordPress plugin review team member Mika Epstein posted a reminder to plugin developers about not compensating for